Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

421 matches found

OSV
OSVadded 3 days ago6 views

BIT-NGINX-2026-9256 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.00237EPSS
Exploits3References3
SUSE CVE
SUSE CVEadded 2026/05/23 1:30 a.m.9 views

SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

8.1CVSS6.2AI score0.00237EPSS
Exploits3References3
NVD
NVDadded 2026/05/22 3:16 p.m.5 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS0.00237EPSS
Exploits3References2
OSV
OSVadded 2026/05/22 3:16 p.m.5 views

ALPINE-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.00237EPSS
Exploits3References1
ATTACKERKB
ATTACKERKBadded 2026/05/22 2:11 p.m.8 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.00237EPSS
Exploits3References2Affected Software2
OSV
OSVadded 2026/05/22 1:18 p.m.4 views

OESA-2026-2407 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a...

9.2CVSS6.6AI score0.00897EPSS
Exploits34References2
CNNVD
CNNVDadded 2026/05/22 12:0 a.m.5 views

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

9.2CVSS6AI score0.00237EPSS
Exploits3References3
AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.5 views

Astra Linux - уязвимость в sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-081...

4.3CVSS6.7AI score0.00104EPSS
Exploits1References2
OSV
OSVadded 2026/05/20 2:16 a.m.4 views

DEBIAN-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.00056EPSS
Exploits0References1
OSV
OSVadded 2026/05/20 12:0 a.m.1 views

UBUNTU-CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.00056EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/20 12:0 a.m.5 views

PT-2026-42052

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An integer overflow exists in the compressed-token decoder due to a 32-bit signed counter that is not checked for overflow. A malicious sender can trigger this overflow, causing the receiver process to...

8.1CVSS6.1AI score0.00056EPSS
Exploits0References31
RedHat Linux
RedHat Linuxadded 2026/05/19 10:4 p.m.6 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.00897EPSS
Exploits34References6
RedHat Linux
RedHat Linuxadded 2026/05/19 10:0 p.m.8 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.00897EPSS
Exploits34References6
OSV
OSVadded 2026/05/19 3:16 p.m.2 views

DEBIAN-CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.2CVSS6.2AI score0.00096EPSS
Exploits0References1
OSV
OSVadded 2026/05/19 3:16 p.m.1 views

UBUNTU-CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.2CVSS6.2AI score0.00096EPSS
Exploits0References3
AlpineLinux
AlpineLinuxadded 2026/05/19 2:4 p.m.5 views

CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.2CVSS6.2AI score0.00096EPSS
Exploits0
EUVD
EUVDadded 2026/05/19 2:4 p.m.5 views

EUVD-2026-30940

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.2CVSS6.3AI score0.00096EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 2026/05/18 12:3 p.m.7 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.00897EPSS
Exploits34References6
The Hacker News
The Hacker Newsadded 2026/05/17 11:57 a.m.11 views

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 CVSS score: 9.2, is a heap buffer overflow in ngxhttprewritemodule affecting...

9.2CVSS7.1AI score0.00897EPSS
Exploits34
RedHat Linux
RedHat Linuxadded 2026/05/15 4:46 p.m.4 views

nginx: NGINX: Arbitrary Code Execution Vulnerability

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.6AI score0.00897EPSS
Exploits34References6
Rows per page
Query Builder